USCYBERCOM

■ COMUSSTRATCOM will establish USCYBERCOM

■ DIRNSA is also 4-star Commander, U.S. Cyber Command

■ IOC: Upon CDR confirmation at Ft. Meade, MD

■ FOC: 1 OCT 10

■ Services will create a component

■ JFCC-NW, JTF-GNO dissolved by FOC

*Source: 23Jun09 SECDEF Letter
Subj: FLEET CYBER COMMAND/COMMANDER TENTH FLEET IMPLEMENTATION PLAN

Encl: (1) FLTCYBERCOM - COMTENTHFLT Organization Guidance

(2) FLTCYBERCOM Top Level C2 Relationships

(3) FLTCYBERCOM Detailed Command Relationships

1. As tasked by the Secretary of Defense, the Navy shall identify and
provide component support to U.S. Cyber Command (USCYBERCOM). As
such, a Fleet Cyber Command (FLTCYBERCOM) will be established on 1
October 2009 to serve as the Navy Component Commander to USCYBERCOM.

2. Director of Naval Intelligence (N2) will lead a FLTCYBERCOM
Implementation Team and develop the implementation plan. The plan
must delineate FLTCYBERCOM's mission, roles, responsibilities, command
and control, reporting, and support relationships across the Navy and
with USCYBERCOM, and initial manpower, facilities, and resource
requirements.

3. The FLTCYBERCOM implementation team will include representatives
from U.S. Fleet Forces Command and Navy Network Warfare Command to
coordinate the new alignment outlined in enclosure (1). Enclosure (1)
delineates tasks, assumptions, and deliverables for the implementation
plan. Enclosures (2) and (3) illustrate FLTCYBERCOM's top-level
command and control, and detailed command relationships, respectively.

4. This process must produce a clear implementation plan no later
than 31 August 2009 to allow for FLTCYBERCOM's initial operational
capability on 1 October 2009.
□ Establish Fleet Cyber Command to
serve as the Naval component
Commander to USCYBERCOM

□ Central operational authority for
Navy networks, cryptology/SIGINT,
IO, cyber, EW and space in support
of forces afloat and ashore

□ Delineate FLTCYBERCOM’s mission: 

□ Directs cyberspace operations, to 
deter and defeat aggression 

□ Ensure freedom of action and 
achieve military objectives in and 
through cyberspace 

□ Organize and direct Navy 
cryptologic operations worldwide 

□ Integrate Information Operations 
and Space planning and operations 
Navy Cyberspace C2 Relationships

FCC/C10F Lines of Operation



■ Lines of Operation 

> Operate - Achieve and sustain the 
ability to navigate and maneuver 
freely in cyberspace and the RF 
spectrum 

> Defend - Actively assuring Navy’s 
ability to Command and Control its 
operational forces in any 
environment 

> Exploit/Attack - On command, 
and in coordination with Joint and 
Navy commanders, conduct 
operations to achieve effects in 
and through cyberspace 




Aligned with USCYBERCOM 
FCC/C10F Operating Authorities



Title 50 Authority 
Title 10 Authority

Title 50 USC

■ Analyze network activity 
of target users and/or 
computers 

■ Analyze network activity 
of target groups 

■ Provide alerts when 
target users/computers 
are active 

■ Track network usage 

■ Determine associations of 
groups & individuals 



Warfighter 
Title 10 USC

■ Deny network and/or 
computer use 

■ Degrade network 
and/or computer use 

■ Redirect network traffic 

■ Disrupt 

■ Destroy 



Coordination 




Title 14 Authority 
FCC/C10F Global Operations

Navy Sensor

Washington

Technical Director & Cl




■ Senior Executive Service career official 

■ Serves as the senior Research Development, Test 
and Evaluation (RDT&E) Executive providing the 
Commander with advice & assistance 

> Serve as command’s Senior Executive responsible for 
technical direction 

> Formulate Cyber RDT&E Strategic Programmatic Objectives 
supporting command mission 

> Identify Cyber technology investment opportunities 
strengthening Navy Enterprise capabilities & 
operational/tactical effectiveness 

> Recommend technology policies & standards 

> Enhance teamwork and collaboration strengthening Command 
structure and cyber strategic deliverables across the DON, 
OSD, OGAs and Coalition Partners 

> Ensure RDT&E Cyber objectives meet current and future 
exponentially growing technology advances and threats. 
CTF 1010

IDC Data



Information Dominance Corps 








SPACE CADRE 

Various 
Designators 

969 AC 
167 RC 

320 Civilians 



Total: 46,211 Personnel 
A picture says it best



Views derived 
data stored in the 
cloud proximal to 
Cyber and Maritime SA

[Figure labels: Tools; External Data Feeds; C10F; Sensor Data; Maritime Data; Cyber Data]

Multiple Views
-Logical
-Nodal
-Check Lists
-IP based
-Geographic

Geographic Views
-Spatial
-Readiness of ship
-Time to get ordnance to target

Cyber SA Initiatives

■ Mapping & Managing the Network 

> Established Cyber Maritime Operations Center (MOC) 

• Space dedicated to and designed for SA 

> Working through pilots to map the Navy network using
the following tools:

• IPSONAR: implementation-pilot network discovery & mapping
tool currently deployed on SIPRNET (Yokosuka, Naples &
Bahrain)

• Everest: implementation-pilot Lawrence Livermore National 
Laboratory-generated visualization tool employing HBSS 
agent data 

• Host-Based Security System (HBSS): DoD-standard C4I 
Host-based Intrusion Prevention System deployed on USN 
terrestrial and Shipboard C4I NIPR and SIPRNET networks 

Cyber SA Initiatives

> Moving to integrate tools/capabilities in the context 
of NSA Cyber Pilot 

• Enterprise Network Management System (ENMS): mature 
capability to monitor shore-side networks to the router on 
afloat platforms 

• Integrated Network Management System (INMS): mature 
DISA-provided SA tool for monitoring the GIG at the DISA 
Transport level 

• SM-7: Hewlett-Packard (HP) provided info technology 
system management tool employed in monitoring CONUS 
shore-side networks and systems 

• Cybercore: Business Object Environment based data 
store and widget driven front end to provide SA of Navy 
CND sensors 

Cyber SA Initiatives - External Awareness



■ External to the DoD Cyber Awareness 



> Commercial IT companies 



• Telecom companies can provide high-level metrics of
the internet - slide shows the expected and real usage
of commercial IT network

• Commercial undersea transport locations helped us to
expect outages based on events such as the Japanese
Tsunami




Cyber SA Challenges 

■ Cognitive Science & Human Factors 

> What are the linkages between the data and the actions the 
operator needs to take or decisions the commander needs to 
make? 

> How should the data be displayed for different actions or
decisions?

> How should the data be displayed given different operational 
(threat) environments? 

■ Very Large Dataset Analytics 

> Possibly the most difficult part of developing and maintaining SA 

> Reduce the mass of data into appropriate information sets for 
display 

• Net sensor data, alarms, net anomalies, packet capture, etc. 

> Sharing/access “externally owned” data & analytics for this data 

Cyber SA Challenges



■ Linking virtual locations to physical locations 

> If we find a client is not behaving as expected, we should be able to
see its location on a ship and the location of the ship on a map.

Cyber SA Challenges



■ Ability to afford gaining SA and control of non-SNMP 
legacy network elements 

> Analog radios 

■ Extended View of Cyber 

> SA of cyber external to DoD? 

• What is the quantitative level of attacks? 

• Are sections of the worldwide transport damaged or 
down? 

> Should this be collected & provided at a higher level? 

> Time synchronization of events 

■ Transition from awareness to action; automation versus 
human in the loop 

SCADA & Other Initiatives




■ Initial threat assessment of 
HM&E risks from cyber 

■ Initial threat assessment of 
closed loop systems from 
cyber 









SCADA & Other Challenges 



■ Industrial/SCADA systems
using PLCs, embedded OS,
and RISC processors are
difficult to update to improve
security

> Use IA agents & sensors in real- 
time environments 

> Develop hardening capabilities to 
encase SCADA systems with a 
defensive capability without 
requiring high cost upgrades 
using existing hardware and 
minimal operator knowledge. 




PLC Controller 



RISC Processor 
operating in real-time 
without interrupts 



Boundary encasing 
SCADA code to 
provide security 
without degradation 
in speed of actions 



> Ability to scan source code of real 
time systems for vulnerabilities 

SCADA & Other Challenges



■ Bridging enterprise security to user 
owned and operated mobile 
computing platforms and next 
generation tablets. 

> DoD required security features 
such as 2 factor authentication 

Other Significant Questions

1. Is virtual maneuver of networks to
obfuscate/deceive executable at large
scales?

> Defending networks that we 
purposefully change when we are still 
developing the best way to manage a 
static network 

> “Defend and Jump” using virtualized 
firewalls & routers and security devices 

> Applying virtual maneuver (IP Hopping,
software configured networks) in
situations where clear knowledge of the
network is lacking (Invicta)?

Other Significant Questions

2. How do we assess risks/boundaries to grant 
authority to operate in the cloud? 

3. How do you handle information spill 
containment in a highly virtualized / large 
cloud environment? 

4. Is attribute based access control (ABAC) 
effective at very large scales? 

> Highly granular identities and tagged data 
change rapidly 

Other Significant Questions



5. What are the implications of transitioning an 
enterprise network from IPv4 to IPv6? 

> Cyber SA 

> Network Defense 



6. Measuring effect of actions in cyberspace

7. Assigning attribution with a level of certainty